http://packetstormsecurity.org/ 20 Most Recent Packet Storm File Additions en-us http://packetstormsecurity.org/0805-advisories/SSRT080071.txt HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. http://packetstormsecurity.org/0805-advisories/mtr-overflow.txt Mtr suffers from a local and remote stack overflow vulnerability. http://packetstormsecurity.org/0805-advisories/USN-612-7.txt Ubuntu Security Notice 612-7 - USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. http://packetstormsecurity.org/0805-advisories/dsa-1580-1.txt Debian Security Advisory 1580-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error. http://packetstormsecurity.org/0805-advisories/secunia-foxit.txt Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the util.printf() JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected. http://packetstormsecurity.org/0805-advisories/ZDI-08-027.txt A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise. http://packetstormsecurity.org/0805-advisories/ZDI-08-026.txt A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack based buffer overflow occurs, leading to execution of arbitrary code. http://packetstormsecurity.org/0805-advisories/CA-caloggerdxdr.txt CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code. http://packetstormsecurity.org/0805-advisories/MDVSA-2008-103.txt Mandriva Linux Security Advisory - field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. http://packetstormsecurity.org/papers/database/wildcard_attacks.pdf DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. http://packetstormsecurity.org/0805-exploits/wpfile-exec.txt Wordpress versions 2.5.1 and below offer the ability to execute arbitrary php code via the administrative functionality. This is a bit obvious to anyone who has used Wordpress installations, but I guess it is useful to note. http://packetstormsecurity.org/0805-advisories/ISVA-080516.2.txt Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected. http://packetstormsecurity.org/0805-advisories/ISVA-080516.1.txt Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected. http://packetstormsecurity.org/0805-exploits/bcoos-traverse.txt Bcoos versions 1.0.13 and below suffer from an arbitrary file read vulnerability via highlight.php. http://packetstormsecurity.org/0805-exploits/msword-xss.txt Microsoft Word versions 2003 and 2007 are susceptible to crash and cross site scripting vulnerabilities via malicious javascript execution. http://packetstormsecurity.org/0805-exploits/cpanel-root.txt It appears that there is a remote compromise vulnerability in cPanel in relation to reseller accounts. http://packetstormsecurity.org/0805-advisories/dsa-1579-1.txt Debian Security Advisory 1579-1 - A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code. http://packetstormsecurity.org/0805-advisories/dsa-1578-1.txt Debian Security Advisory 1578-1 - Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars. http://packetstormsecurity.org/UNIX/admin/LockDown-1.0.tar.gz LockDown is an application that can be run interactively, non-interactively, or really-non-interactively to lock down a server that runs Red Hat, Fedora, CentOS, or similar systems. It sets things like umask and SGID/SUID, creates a simple firewall, and more. http://packetstormsecurity.org/0805-exploits/mercuryboard-blindsql.txt MercuryBoard versions 1.1.5 and below remote blind SQL injection exploit that takes advantage of login.php.